
"Phantom" Threat: Can't Locate It, so Can't Remove it

I am running Norton Security on Windows 7 Home on my desktop machine. I have several external drives connected to it.

During a full scan it appeared to flag a threat called "movtomp4_setup.exe" in my I drive which had been connected but usable for months, probably because of hardware failure. I had not disconnected it from the machine yet because, frankly, laziness.

Unfortunately, Norton was unable to remove the threat, and since I could not get into the drive to remove it manually, I simply disconnected the drive.

However, when I restarted the machine, it flagged the same threat in the same drive, even though the drive is no longer connected.

There's something else strange, though. NS indicates that the threat is present in two locations: the original (and no longer connected) I drive location; and someplace referred to with several underscores: ___. I do not know what that is.

Has anyone seen this problem before and can offer a solution? I have a screenshot on the attached PDF for you to review.

Thank you.

Chuck

Replies


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

Does Copy to Clipboard offer any helpful info?
FWIW ~ I've seen [Contained in] with zip >  e.g., [Contained in] c:\users\bjms\desktop\eicar_com.zip Deleted


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

By "Copy to Clipboard", do you mean export results? This is what that says, below. It's the " inside of [_____]" that's really catching my eye:

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Risks in compressed file "movtomp4_setup.msi"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
[movtomp4_setup.exe] inside of [_____] inside of [i:\_my documents\computers\software\audio and video\mov to mp4 converter\movtomp4_setup.msi] - Remove Failed
 


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

By "Copy to Clipboard", do you mean export results?

I mean Copy to Clipboard (in your screenshot--next to Close) and paste in notepad. 


Unresolved Threats:
Risks in compressed file "movtomp4_setup.msi"
 Type: Compressed


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

EDIT: Funny how it says "Copy to Clipboard" on the screenshot, yet when I went to the computer to find that, that same link now says "Export Results". So ... huh.

Anyhow, can you tell anything from what I posted?


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

> Is the external drive password protected?
> Seems like setup.msi is compressed.
> Maybe the original location moved and the archive is damaged.
> Can you remove all external drives?
> Can you scan external drives?
Let's hear from the Community


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

Hello

Do you download movies or YouTubes? The infected file sounds like it is a movie to mp4 msi converter. It's a converter of movies to mp4's. download manager. Have you checked Resolved Malware Threats? That setup exe which is inside the download manager which is zipped up in the I drive My Documents.

Sorry, this isn't too clear to me even..........

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.

Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

chasfh:

Unfortunately, Norton was unable to remove the threat, and since I could not get into the drive to remove it manually, I simply disconnected the drive.

However, when I restarted the machine, it flagged the same threat in the same drive, even though the drive is no longer connected.

The reason Norton continues to alert to the threat even though the infected drive is disconnected is because Norton did not remove it and so will continue to remind you of its presence. You can stop this by going into Norton History and clearing the item from Unresolved Risks, although you may not want to do this until you figure out all the loose ends.

You have shown what Norton considers to be an infected file.  What is the name of the threat that Norton is detecting in that file?


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

Unresolved Threats:
Risks in compressed file "movtomp4_setup.msi"
 Type: Compressed
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
[movtomp4_setup.exe] inside of [_____] inside of [i:\_my documents\computers\software\audio and video\mov to mp4 converter\movtomp4_setup.msi] - Remove Failed
 


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

Please note, it appears to say the threat is in two places:

1) Here, which is a disconnected drive: inside of [i:\_my documents\computers\software\audio and video\mov to mp4 converter\movtomp4_setup.msi]

2) And here, which is ... I don't know what it is: inside of [_____]


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

It does not name the actual threat, meaning it doesn't name a virus or trojan or anything of that sort.

Accepted Solution

Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

The report indicates one infected file, so I assume that "inside of [____]" refers to something within i:\_my documents\computers\software\audio and video\mov to mp4 converter\movtomp4_setup.msi.   I would try to confirm this.  With the i:\ drive physically disconnected, run a full system scan.  If no threats are found on the scanned drives, we will know that the threat is confined to the disconnected drive.  If you are not going to use that drive, you could then just clear the entries from Unresolved Risks, so Norton will no longer remind you about the threat it found.
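
The reading given in the answer above, worked through as an added example (not Norton's code and not part of the original post): the "inside of" chain is parsed as one nested path whose only filesystem location is the outermost item, and the alert is classified by whether that drive is attached. The line grammar is inferred from the single report line quoted in this thread, and `parse_entry` and `triage` are hypothetical helper names.

```python
import re
from dataclasses import dataclass

# Report line as quoted in this thread's exported scan results.
REPORT_LINE = (
    r"[movtomp4_setup.exe] inside of [_____] inside of "
    r"[i:\_my documents\computers\software\audio and video"
    r"\mov to mp4 converter\movtomp4_setup.msi] - Remove Failed"
)

# Assumed grammar: [item] (inside of [item])* - status
ENTRY_RE = re.compile(
    r"^\s*(\[[^\]]*\](?:\s+inside of\s+\[[^\]]*\])*)\s+-\s+(.+?)\s*$"
)

@dataclass
class Detection:
    file_on_disk: str     # outermost container: the only real filesystem path
    nested_members: list  # members inside it, outermost first
    status: str

    @property
    def drive(self):
        m = re.match(r"^([A-Za-z]):\\", self.file_on_disk)
        return m.group(1).upper() if m else None

def parse_entry(line):
    m = ENTRY_RE.match(line)
    if not m:
        raise ValueError("not a nested-detection line")
    chain = re.findall(r"\[([^\]]*)\]", m.group(1))  # innermost item first
    return Detection(chain[-1], list(reversed(chain[:-1])), m.group(2))

def triage(det, attached_drives):
    """Separate a remembered alert from a file the scanner can still reach."""
    if det.drive and det.drive not in attached_drives:
        return "history-only"  # drive absent: entry persists in Unresolved Risks
    return "reachable"         # file is on an attached drive: rescan or remove it

if __name__ == "__main__":
    det = parse_entry(REPORT_LINE)
    print("on disk :", det.file_on_disk)
    print("nested  :", " > ".join(det.nested_members))
    print("status  :", det.status)
    # Constructed sample: only C: and D: attached, as after unplugging I:
    print("triage  :", triage(det, {"C", "D"}))
```

A "history-only" result corresponds to the case where the entry can be cleared from Unresolved Risks once a full scan of the attached drives comes back clean.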


Re: "Phantom" Threat: Can't Locate It, so Can't Remove it

That's it, this worked. Thanks.
